Using SSH tunnels for remote connections
Post date: Feb 2, 2011 9:11:17 AM
So I found myself in a situation today where I wanted to copy a file off my computer onto a remote machine located inside another network.
I control the network, but there are security concerns which prevent me from wanting to use RDP or put any password that is used elsewhere into memory on this remote machine. I was also behind NAT from my client PC. Instead of copying the file to another machine which was directly accessible with a webserver, and then pulling it from there, I decided to just use an SSH tunnel to bind my port 80 to a server accessible to both.
Basically, this is port forwarding from your client-accessible network to a remote server:
On the SSH server that will become the server providing your content:
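Edit /etc/sshd_config
Add: GatewayPorts yes (this lets remotely forwarded ports bind to non-loopback addresses, so other hosts can connect to them)
Restart sshd (in my case FreeBSD, so /etc/rc.d/sshd restart)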
On the client with access to the network with the service you want to map/distribute:
ssh -R \*:<remote-server-port>:<local-server-with-content>:<local-server-port> <username>@<remote-server-that-will-provide-content>
So in my case, forwarding the server running on my local machine on port 80 to a remote machine on 8080 would look like this:
ssh -g -R \*:8080:localhost:80 ns1.00000000.ca
Please note this is actually a major heads up to think about network security. Even if you are protecting a network with stateful packet inspection, remember that traffic which was established from trusted networks to the outside can tunnel untrusted connections back in - so in a truly secure network one must enforce security on outbound traffic.
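On SSH servers you administer, the settings that make a publicly reachable reverse forward possible can be checked directly. The script below is an added example, not part of the original post: it reads the global section of an sshd_config and flags AllowTcpForwarding and GatewayPorts values that permit -R listeners. The function names and the two sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit sshd_config for settings
# that let clients publish reverse (-R) forwards. Reads only the global
# section (before the first Match); Include files are not followed.

# effective_value FILE KEYWORD DEFAULT: sshd keeps the first value it reads.
effective_value() {
    awk -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key); val = def }
        /^[ \t]*#/ { next }                        # comment line
        tolower($1) == "match" { exit }            # end of global section
        tolower($1) == key && !seen { val = tolower($2); seen = 1 }
        END { print val }
    ' "$1"
}

# audit_sshd_forwarding FILE: prints one WARN line per finding.
audit_sshd_forwarding() {
    fwd=$(effective_value "$1" AllowTcpForwarding yes)   # OpenSSH default: yes
    gw=$(effective_value "$1" GatewayPorts no)           # OpenSSH default: no
    case "$fwd" in
        yes|all|remote) ;;
        *) return 0 ;;                             # -R refused, nothing to flag
    esac
    echo "WARN AllowTcpForwarding=$fwd: clients may request -R forwards"
    case "$gw" in
        yes|clientspecified)
            echo "WARN GatewayPorts=$gw: -R listeners may bind non-loopback addresses" ;;
    esac
    return 0
}

# Constructed sample configs: the setting from the post, and a restricted one.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
weak="$tmp/weak_sshd_config"; hard="$tmp/hard_sshd_config"
printf '%s\n' '# constructed sample' 'Port 22' 'GatewayPorts yes' > "$weak"
printf '%s\n' '# constructed sample' 'Port 22' 'AllowTcpForwarding local' \
    'GatewayPorts no' > "$hard"

echo "== weak ==";     audit_sshd_forwarding "$weak"
echo "== hardened =="; audit_sshd_forwarding "$hard"
```

This covers only servers under your control; a client inside the network can still open a reverse forward to any outside SSH server, which is why the outbound filtering mentioned above is still needed.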